Data Protection

Data Breach Notification

How to report a data breach pursuant to Art. 33 GDPR – we are here for you and support you with timely reporting.

Report a Data Breach – How to Act Correctly

A personal data breach (also called a data incident) occurs when personal data is unintentionally or unlawfully destroyed, altered, disclosed, or made accessible. This can happen through hacking, system failures, human error, or the loss of storage media.

Types of Personal Data Breaches

There are three main categories:

  • Confidentiality breach: data is disclosed or made accessible without authorization

  • Integrity breach: data is altered or manipulated without authorization

  • Availability breach: data is unintentionally destroyed or lost

Notification Obligation Under Art. 33 GDPR

As soon as you become aware of a personal data breach, you must notify the competent supervisory authority within 72 hours. This deadline starts from the moment you become aware of the breach.

What Must the Notification Contain?

  • Type of breach with categories of data affected

  • Approximate number of individuals affected

  • Likely consequences of the breach

  • Measures taken to remediate the breach

If the complete information is not available within 72 hours, you may provide it subsequently.

Report a Data Breach

Direct Contact

Phone
+49 731 280 651 0
(Monday - Friday 9:00-17:00)

Email
datenschutz@preeco.de

Address
preeco GmbH
Magirus-Deutz-Straße 14
89077 Ulm

FAQ

Frequently Asked Questions

Not every breach poses a risk to the rights and freedoms of affected persons. If the breach is unlikely to pose a risk, no notification is required. However, always document the decision.

If the data breach is likely to pose a high risk to the rights and freedoms of individuals, you must inform the affected persons without undue delay (Art. 34 GDPR).

As a data processor, preeco supports you in documenting and analyzing data breaches. However, the notification to the authority is made by you as the data controller.

Violation of the reporting obligation can result in fines of up to 10 million euros or 2% of global annual turnover.